Security and Privacy

Security and Privacy

Shared Responsibility Framework and E-Payments Policy

What is the Shared Responsibility Framework (SRF) about?

Digital scams are rapidly advancing, resulting in financial losses and eroding trust in online banking. To enhance protection and encourage shared responsibility, the Monetary Authority of Singapore and Infocomm Media Development Authority (IMDA) have introduced the Shared Responsibility Framework (SRF).

Effective from 16 December 2024, this framework outlines the collaborative efforts between banks, mobile network operators and customers to prevent and address phishing scams.

What are the types of phishing scams covered under SRF?

The Shared Responsibility Framework addresses scams that follow a three-step pattern:

  • Deception: The scammer pretends to be a trusted entity, such as a government body, bank or e-commerce platform offering services to Singapore residents.
  • Entrapment: The victim is tricked into clicking a malicious link sent via digital channels (e.g. SMS) and entering the account details on a fake platform.
  • Exploitation: The scammer gains control of the victim's account and conducts unauthorised transactions.


What you can expect from us?

We are dedicated to upholding our responsibilities under the Shared Responsibility Framework to provide you with a safer banking experience. Here’s what you can anticipate:

  • Cooling off period
    • A cooling off period of at least 12 hours will be imposed when Secure2u Digital Token is being activated. During this cooling period, high-risk activities cannot be performed to ensure your security.
  • Real-time alerts
    • Notification regarding high-risk activities performed, activation of Secure2u Digital Token and outgoing transactions will be sent immediately via SMS and/or email.
  • 24/7 Reporting Channel and self-service feature for you to immediately block further access to your account.
    • Immediately report any unauthorised activity to 1800 629 2265 or (65) 6533 5229 (for overseas).
    • In the event of emergency, such as scam or fraud, you can conveniently suspend your digital banking access via Kill Switch on Maybank2u SG (Lite) app or Maybank2u Online Banking. Suspension of digital banking access is immediate. Once your digital banking access is suspended, you will no longer be able to log in to Maybank2u online or mobile banking.
  • Enhanced fraud surveillance
    Fraud surveillance systems that are consistently being refined and strengthened to mitigate cases of consumers’ accounts having material sums being rapidly wiped out by unauthorised transactions in a phishing scam.  You may experience some delays in processing your transactions or additional security checks, but we assure you that this is necessary to enhance your online security. 


What you can do?

Your role is crucial in preventing scams. Below are some security features and tools you can leverage to enhance the protection of your account.

  • To avoid falling for online banking scams, you must: 
    • Always ensure contact details are updated;
    • Review your transfer limits;
    • Set transaction alerts to stay informed of any banking activities;
    • Never transfer money to people you do not know;
    • Never click on links provided in unsolicited SMSes or emails;
    • Verify unsolicited SMSes or emails received by calling the bank directly on the hotline listed on its official website;
    • Always check that you are at the bank’s official website before making any transaction or transact through the bank’s official mobile application;
    • Never divulge internet banking credentials or passwords to anyone;
    • Secure your device with a strong password, PIN or a relevant mechanism to prevent unauthorised use; TIP: A strong password is one that is difficult to guess and contains a mix of letters, numbers or symbols. You can use this on top of your device’s biometric security feature (if available).
    • Use a different PIN or password for web-based services such as email, online shopping or subscription services; and
    • Monitor transaction notifications closely so that any unauthorised payments are reported as soon as possible to increase the chances of recovery.
  • Money Lock
    • For an added layer of protection, lock any unused funds that you do not need immediate access to using Money Lock. Locking of funds can be done via Maybank2u Online Banking, Maybank2u SG (Lite) mobile app, at selected ATMs or at any Maybank Singapore branches. Once the funds are locked, you will not be able to access them until you unlock it in person
  • Kill Switch
    • In the event of emergency, such as scam or fraud, you can conveniently suspend your digital banking access via Kill Switch on Maybank2u SG (Lite) app or Maybank2u Online Banking.
    • Suspension of digital banking access is immediate. Once your digital banking access is suspended, you will no longer be able to log in to Maybank2u online or mobile banking.

 

What happens if you are a victim of a phishing scam?

In collaboration with your mobile network service provider, we will investigate such cases. Below are the steps you can apply:

  • Reporting Stage
    • Immediately report any unauthorised activity to 1800 629 2265 or (65) 6533 5229 (for overseas) within 30 days of receiving the notification alert for any unauthorised activity (e.g. transactions, high-risk activities and activation of Secure2u Digital Token) that was not initiated by you or with your consent. Please provide the necessary documents, reports, and records to proceed with the next steps.
  • Investigation Stage
    • We will investigate your claim and provide an assessment within 21 business days for straightforward cases, or 45 business days for complex cases.
  • Outcome Stage
    • You will receive a written response regarding the outcome of our investigation within 21 or 45 business days. If we find that the loss is caused by us failing to meet our duties, we will compensate you for the losses incurred arising from the phishing scam activity.
  • Resolution Stage
    • Should you disagree with the investigation outcome, you can escalate the matter by reaching out to avenues of recourse such as the Financial Industry Disputes Resolution Centre Ltd (FIDReC) or IMDA.


What is the E-Payments Policy about?  

The revised E-payments User Protection Guidelines issued by The Monetary Authority of Singapore (MAS) has taken effect on 16 December 2024. These Guidelines set out the duties of responsible financial institutions and consumers in relation to unauthorised and erroneous payment transactions involving protected accounts, and provide guidance on the liability for losses arising from unauthorised transactions.

In response to the Guidelines and as part of our initiatives to proactively educate our customers, we have issued an E-Payments Policy, which covers both Individual and Sole Proprietor account holders. Please be aware of your responsibility as an account holder and adopt safe banking measures to protect your account from unauthorised or erroneous transactions.

Click Frequently Asked Questions on how to protect yourself online.